ClawTrust
Audited by ClawScan on May 11, 2026.
Overview
ClawTrust presents as a disclosed web3 commerce/reputation integration, but it gives an installed agent autonomous authority over wallets, escrow, gigs, and persistent identities; users should review that authority carefully before installing.
Install only if you understand the ClawTrust custody model and want an agent to operate in its web3 marketplace. Use a fresh/low-value wallet or test wallet, keep x-agent-id private, set strict spend limits, require manual confirmation for payments and escrow, and avoid unpinned raw-GitHub installs.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An installed agent could take or initiate marketplace and escrow actions without a human confirming each step, potentially changing account state or moving testnet/USDC-like funds.
The skill tells the agent it can perform gig, escrow, and payment-like workflows autonomously. Although treasury controls are mentioned, the artifacts do not clearly require per-action human approval for high-impact operations.
Evidence: Post or take USDC gigs ... Treasury Controls ... daily spend limits, 60-min queue gate, cancel window ... Autonomous. No human required.
Recommendation: Require explicit user approval for escrow funding, bond deposits, gig posting/acceptance, settlement, domain purchases, and any other payment-like action, and configure the lowest spend limits the workflow tolerates.
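As an added example (not code from ClawTrust or ClawScan), the gate below shows one way to enforce that recommendation around an SDK-style client: every high-impact action must first fit under a daily spend ceiling and then receive an explicit human decision before the client method is called, while read-only calls pass straight through. The method names (fundEscrow, postGig, ...), the amountCents parameter and the makeFakeClient stand-in are assumptions for illustration; the real SDK surface is not shown on this page.

```javascript
// Added example, not ClawTrust's own code. Method names (fundEscrow, postGig,
// ...) and the amountCents parameter are assumptions; the real SDK is not
// documented on this page.

// Actions that move funds or change marketplace state. Anything listed here
// is denied unless a human says yes; anything not listed passes through.
const HIGH_IMPACT = new Set([
  'fundEscrow', 'depositBond', 'postGig', 'acceptGig', 'settle', 'purchaseDomain',
]);

class ApprovalGate {
  // client:          object exposing the SDK-style methods above
  // approve:         async (action, params) => boolean, backed by a human UI
  // dailyLimitCents: ceiling on money-moving actions per UTC day
  // now:             clock hook so callers and tests can pin the day
  constructor(client, { approve, dailyLimitCents, now = () => Date.now() }) {
    if (typeof approve !== 'function') throw new Error('approve callback required');
    if (!Number.isInteger(dailyLimitCents) || dailyLimitCents < 0) {
      throw new Error('dailyLimitCents must be a non-negative integer');
    }
    this.client = client;
    this.approve = approve;
    this.dailyLimitCents = dailyLimitCents;
    this.now = now;
    this.spent = new Map(); // 'YYYY-MM-DD' -> cents committed that day
  }

  dayKey() {
    return new Date(this.now()).toISOString().slice(0, 10);
  }

  spentToday() {
    return this.spent.get(this.dayKey()) || 0;
  }

  async run(action, params = {}) {
    if (typeof this.client[action] !== 'function') {
      throw new Error(`unknown action: ${action}`);
    }
    if (!HIGH_IMPACT.has(action)) {
      return this.client[action](params); // read-only or low-impact call
    }
    const amount = params.amountCents === undefined ? 0 : params.amountCents;
    if (!Number.isInteger(amount) || amount < 0) {
      throw new Error(`invalid amountCents for ${action}`);
    }
    // Check the ceiling before asking, so the human is never prompted to
    // approve something the policy would reject anyway.
    if (this.spentToday() + amount > this.dailyLimitCents) {
      throw new Error(`daily spend limit exceeded for ${action}`);
    }
    const ok = await this.approve(action, params);
    if (ok !== true) {
      throw new Error(`human approval denied for ${action}`);
    }
    const result = await this.client[action](params);
    // Count the spend only once the call has succeeded.
    this.spent.set(this.dayKey(), this.spentToday() + amount);
    return result;
  }
}

// Constructed stand-in for the SDK so the gate can be exercised offline.
function makeFakeClient() {
  const calls = [];
  const record = (name) => async (params) => {
    calls.push({ name, params });
    return { ok: true, name };
  };
  return {
    calls,
    getReputation: record('getReputation'),
    fundEscrow: record('fundEscrow'),
    postGig: record('postGig'),
  };
}
```

The approval callback is the only path to a high-impact call; there is no auto-approve branch and the limit check runs before the prompt, so a breached ceiling never turns into a yes/no question for the user.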
If the agent ID is exposed or mishandled, someone or some agent logic may be able to operate the ClawTrust account endpoints associated with that identity.
The agent ID functions as a bearer credential for privileged operations, including escrow funding, yet the registry metadata declares no primary credential and no required environment secret, so nothing in the install flow signals that the value needs protecting.
Evidence: For agent-to-agent operations ... send: x-agent-id: your-agent-uuid ... Used by: ... /api/agent-payments/fund-escrow ... Save tempAgentId — this is your x-agent-id for all authenticated calls.
Recommendation: Treat tempAgentId/x-agent-id as a secret credential, avoid logging it, fund only low-value wallets, and look for account revocation/rotation controls before relying on it.
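As an added example (not ClawTrust's own code), the helpers below handle tempAgentId the way the recommendation asks: the value is read from an environment variable rather than written into a config or the skill text, attached only to requests whose origin is the HTTPS API, and masked before any request description reaches a log. The CLAWTRUST_AGENT_ID variable name and the API_ORIGIN value are assumptions; the page only shows relative endpoint paths such as /api/agent-payments/fund-escrow.

```javascript
// Added example, not ClawTrust's own code. API_ORIGIN and the environment
// variable name are assumptions; the page only lists relative endpoint paths.
const API_ORIGIN = 'https://api.clawtrust.example';

const UUID_PATTERN = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}';
const UUID_EXACT = new RegExp(`^${UUID_PATTERN}$`, 'i');
const UUID_ANY = new RegExp(`\\b${UUID_PATTERN}\\b`, 'gi');

// Read the credential from the environment and refuse to start with a
// missing or malformed value, so a typo cannot silently become an
// unauthenticated agent that retries with garbage.
function loadAgentId(env = process.env) {
  const id = env.CLAWTRUST_AGENT_ID; // assumed variable name
  if (typeof id !== 'string' || !UUID_EXACT.test(id)) {
    throw new Error('CLAWTRUST_AGENT_ID missing or not a UUID');
  }
  return id;
}

// Attach x-agent-id only when the request origin is exactly the HTTPS API
// origin. A webhook target, a marketplace link, or any other URL the agent is
// handed never receives the credential, and neither does a plain-http copy
// of the API host (origin comparison includes the scheme).
function buildHeaders(url, agentId) {
  const u = new URL(url); // throws on malformed input, which is the safe outcome
  const headers = { 'content-type': 'application/json' };
  if (u.origin === API_ORIGIN) {
    headers['x-agent-id'] = agentId;
  }
  return headers;
}

// Mask anything UUID-shaped, keeping the last four characters so a human can
// still correlate log entries for one agent.
function redact(text) {
  return String(text).replace(UUID_ANY, (m) => `[agent-id ...${m.slice(-4)}]`);
}

// Render a request for a log line: the credential header is dropped by name,
// and any UUID-shaped value in the URL or body is masked by pattern, so a
// value that leaks into a path or payload is caught as well.
function describeRequest(method, url, headers, body = '') {
  const shown = {};
  for (const [k, v] of Object.entries(headers)) {
    shown[k] = k.toLowerCase() === 'x-agent-id' ? '[redacted]' : v;
  }
  return redact(`${method} ${url} ${JSON.stringify(shown)} ${body}`);
}
```

Scoping the header to one origin is the important part: an agent that builds requests from strings it reads in a gig description or a notification can otherwise be steered into sending its bearer value to an attacker's host.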
If configured, the agent may continue reporting status/activity to ClawTrust over time.
The skill supports periodic heartbeat behavior for ongoing agent presence. The artifacts do not show an installed daemon, so this is a disclosed persistence-related capability rather than hidden background execution.
Evidence: "heartbeat_interval_ms": { "description": "How often to send heartbeats in milliseconds (15-30 min recommended)", "default": 900000 }
Recommendation: Enable heartbeat behavior only when needed, and confirm how to pause or disable ongoing agent activity.
Installing from the raw branch later could fetch different instructions than the reviewed package.
The documentation includes a user-directed install path from an unpinned GitHub branch. It is not automatic, but content fetched from main can change over time.
Evidence:
curl -o ~/.openclaw/skills/clawtrust-integration.md https://raw.githubusercontent.com/clawtrustmolts/clawtrust-skill/main/clawtrust-integration.md
Recommendation: Prefer the reviewed ClawHub package, or pin any GitHub install to a specific commit or release tag so that what is fetched is the content that was reviewed rather than whatever main holds at install time.
Notifications about gigs, escrow, or agent activity could be sent to whatever webhook URL is configured.
The SDK supports forwarding notification events to a user-supplied webhook URL. This is purpose-aligned, but the visible artifacts do not specify webhook payload minimization or signature verification.
Evidence: Set your agent's webhook URL. ClawTrust will POST to this URL for every notification event ... return this.patch(`/agents/${agentId ?? this.agentId}/webhook`, { webhookUrl });
Recommendation: Use only trusted webhook endpoints, prefer signed webhook verification if available, and avoid pointing webhooks at shared or public collectors.
